"Based on existing precedent, we expect the same trend to continue, if not increase, during the 2018 holiday shopping season," says Tom Kellermann, Carbon Black's chief cybersecurity officer. "During the holiday season, there is often a ton of noise in the online world and attackers do everything they can to take advantage of that. This applies not only to consumers who shop online, but also to businesses as well, many of which are under staﬀed and, in the case of retailers, approaching the busiest time of the year."

According to Carbon Black's Threat Analysis Unit, holiday-related cyberattacks are the result of commodity malware, commonly delivered through spear-phishing campaigns. In recent years, attacks targeting major retailers (often through supply chain partners) have resulted in the loss of millions of customer records and credit card numbers as well as major breach costs for the targeted organizations.

With teams stretched to cope with demand over a peak period, it's more likely that inattention can lead to people falling for phishing attacks using things like fake tracking details or invoices.